SOCK_RAW allows both receiving and sending packages. The main utility of SOCK_RAW is to implement new transport protocols in userspace (outside the kernel). For example, a program that uses ICMP packages like ping has to be implemented using this type of socket.
To sniffing you will be much better served using libpcap, which is even portable. Another advantage of libpcap is efficiency: you can filter for many parameters beyond the protocol, and this BPF filter is literally compiled within the kernel for maximum efficiency.
But yes, a SOCK_RAW socket can be used to "sniffar" packages.
The buf parameter is a pointer to a buffer (can be a char bla variable[4096]) with enough space to receive packets.
The internal format of the data you will find in this buffer varies according to the protocol you chose as "filter". For example, if the protocol is IPPROTO_RAW, you will receive all IP packets, so the beginning of the buffer will contain the IP header, which you will need to parse to find the transport protocol. If you use IPPROTO_UDP, the beginning of the buffer will contain the UDP header, but not the IP header. And if you use htons(ETH_P_ALL), you will receive the entire Ethernet package, the beginning of the buffer will have the link layer header.
The flags parameter can be 0 or it can receive a value that modifies the behavior of the function. There are many of them, for example the value MSG_DONTWAIT makes the function return immediately if there is a package ready to be read (ie the function operates in non-blocking mode).
This page has several examples of SOCK_RAW usage: http://www.pdbuchan.com/rawsock/rawsock.html